Vendor and SLA audit, ISAE3000 /SOC2 reports

Vendor and SLA audit are usually part of internal audit programme. Depending on the framework/controls used by customer and supplier we provide detailed reports on vendor or SLA audit.

Supplier audits and materially significant contracts or Service Level Agreement (SLA) contracts are commonly included in internal audit programs. In the Southeast Europe region, relationships with suppliers, supplier selection processes, performance assessments, and compliance are strictly regulated in the public and banking sectors. With the new European regulations NIS2 and DORA, the assessment and procurement of trelated rust services are becoming increasingly important.

Depending on the framework and controls used by the customer and their supplier, we provide a detailed report on the supplier control status or audit of service provision under the SLA. The reporting methodology includes:

- Mandatory ISO 27001 security system controls
- ISAE3000 reports (formerly ISAE3402 type II reports) / SOC2 report
- Supplier management according to COBIT best practice guide (including mapping to ITIL v3/NIST/ENISA-based cyber processes
- Other methodologies or frameworks that are requested or relevant to the customer.